WebAuthn - Cant register a device if Bitwarden extension is logged in

uniQuk commented 11 months ago

Version

5.0.2

Details & Steps to reproduce

After setting up 2FAuth getting a proper SSL. In Chrome & Brave when registering a new WebAuthn device I get a red banner that says: "Uknown Error". I tried in Edge and Firefox both worked and also on Mobile Safari. I also tried on another Edge profile and got the same error. After disabling extensions one by one being logged into Bitwarden produces the unknown error.

Disabling Bitwarden in Chrome and Brave also worked. Renabling it will work until you are logged in.

Tested

Expectation

Bowser popup "Windows Security" asking for PIN/Security Key or more choices etc.

Error & Logs

Date: Sun, 31 Dec 2023 21:38:30 +0000
userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
Version: 5.0.1
Environment: local
Install path: /
Debug: false
Cache driver: file
Log channel: daily
Log level:
DB driver: sqlite
PHP version: 8.1.22
Operating system: Linux
interface: fpm-fcgi

Execution environment

version: "3.9"

networks: web: external: true

services: 2fauth: image: 2fauth/2fauth container_name: 2fauth volumes:

./2fauth:/2fauth environment:
APP_NAME=2FAuth
APP_ENV=local
SITE_OWNER=[scrubbed]
APP_KEY=[scrubbed]
APP_URL=https://[scrubbed]
LOG_CHANNEL=daily
LOG_LEVEL=notice
DB_DATABASE="/srv/database/database.sqlite"
CACHE_DRIVER=file
SESSION_DRIVER=file
AUTHENTICATION_GUARD=web-guard
WEBAUTHN_NAME=2FAuth
WEBAUTHN_USER_VERIFICATION=preferred
TRUSTED_PROXIES=*
BROADCAST_DRIVER=log
QUEUE_DRIVER=sync
SESSION_LIFETIME=120
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
MIX_ENV=local
- CF_DNS_API_TOKEN=[scrubbed]

networks:
web labels:
traefik.enable=true
traefik.http.routers.2fauth.rule=Host([scrubbed]) || Path(/2fauth)
traefik.http.routers.2fauth.entrypoints=websecure
traefik.http.routers.2fauth.tls.certresolver=default

Containerization

[X] Docker

Additional information

Tested with 5.0.0, 5.0.1, 5.0.2 Tested registering on: https://webauthn.io/ - I noticed Biwarden "hijacks" if you will the Passkey popup. When Bitwarden is not on the default popup is Browser/Web. I assume this initial passkey interaction is what's causing the issue.

Bubka commented 11 months ago

The error comes from the Bitwarden js. A fix will be released mid January, in version 2024.1 of BW (see https://github.com/bitwarden/clients/issues/7141#issuecomment-1871186500)

FYI, this only affects the registration process, so you can register your device using another browser or with the extension disabled, then go back to your daily setup for login, it should work.

DaviPtrs commented 8 months ago

Go to bitwarden extension -> settings -> Options and Disable the box "Ask to save and use passkeys"

This allows you to register without disabling the extension

Bubka / 2FAuth